Transparency and Trust – We pride ourselves on being the only site where users can freely contribute and share their
reviews on any antivirus with other community members. When you visit an antivirus site we link to, we sometimes get
affiliate commissions that support our work. Read more about how we operate.

A free, highly customizable, feature-rich open source password manager for tech-savvy users who are comfortable with a basic interface, integrating plugins and some manual work. The fact that it’s free and open-source is really the best thing about it. This makes it highly secure, but also potentially dangerous. I’d only recommend this if you know what you’re doing. Otherwise, you’re way better off with something like Dashlane or LastPass.


Detailed Expert Review

KeePass Password Safe is a different animal in the universe of password managers. Many tools are free, but KeePass is also completely open source. This has several implications that are pretty important in deciding whether this is the right tool for you.

KeePass is not flashy, easy-to-use software. Compared to other free password managers, such as LastPass or RoboForm, which feature a modern and friendly interface, KeePass is lagging behind; in fact, a user with no background (even a basic one) in manual software configuration and putting simple scripts to work might be confused by its design and lack of intuitiveness. However, the real value of KeePass is in its surprising amount of features, security strength and versatility—if you are up for the task of learning how to use it. After looking closely at almost 70 password managers, here’s what I think you really need to know about this unique tool.

KeePass offers two versions of its tool that vary in the basic features available (see screenshot). 1.x is much leaner and may be a good solution for getting started, as both versions are free.

You will find that the 2.x version offers loads of features that cover a wide range of scenarios and uses (some via plugins). It is an impressive offering that matches up very well to other password managers on the market (more than LastPass and Dashlane; only Zoho Vault offers a comparable amount, but remember that open-source evolves faster due to its decentralized nature). You would be wise, however, to consider the learning curve required for integrating the various plugins (over 100!) or scripts and getting familiar with them. This applies to in-demand features such as a mobile app (there’s an unofficial version available) and browser extensions, which are available only through plugins.

The rule of thumb with this password manager’s features is that whatever is not already in the box has a workaround via a plugin, or a third party unofficial development (a mobile app, for instance). The version I reviewed is 2.41, and as an open-source tool, we can expect that its evolution will consist of more and more features in varying specificity levels.

Remember that by default, KeePass stores the data locally on your device. This is great for security compared to other password managers that sync it to a cloud service (Dashlane, for instance). If you do want to use such an option, you can configure KeePass to do so, but expect to do some manual copying and pasting. A good practice would be to put the KeePass credentials database in a cloud-synced folder, like OneDrive, Google Drive, etc. There’s no limit to the number of passwords you can create, and KeePass also allows you to create as many sub-folders as you want to manage your databases.

Here are the main features to pay attention to:

Top-notch security

KeePass is not shy about its security strength, and they like to show it (see their awards section). The program checks itself with every run and alerts if any of the algorithms fail the test. For those who are apprehensive about the open-source model in a security context, you may want to read what KeePass says on its home page (see screenshot below).

Complete database encryption: KeePass encrypts not only the password fields, but also usernames, notes and other details.

KeePass process memory protection: passwords are encrypted while KeePass is running. This prevents your passwords from being revealed when your OS dumps process memory to disk.

Multiple user keys

One master password is used to decrypt the entire database

Using a key file (on its own, or in tandem with the master password). Carrying the file in a physical piece of hardware (a flash drive, for example) means it is safe from cyber attacks, but make sure you don’t lose it!

You can combine the key file with the master password for stronger 2-factor authentication encryption. The good news is that losing the key file does not compromise your database’s security.

Portable and low-signature version

KeePass features a portable version that can be carried on a flash drive and runs on Windows OS without any installation needed (see versions screenshot above)

KeePass doesn’t store anything on your system. No new registry keys or INI files are created in a Windows directory.

Deleting KeePass (either the ZIP or installer package) doesn’t leave a trace of it in your OS

Import-export standards

KeePass compensates for its relatively weak browser integration by making it easy to import and export data from other password managers (in the pro version). In fact, with over 40 vendors included (LastPass, RoboForm 8, Dashlane 4 and others), it may well be a leader in this category. The downside is that you’d have to do some manual copying and pasting.

Password list can be exported to TXT, HTML, XML and CSV formats

The XML output can be used in other applications

The HTML output employs CSS to format tables for easy layout changes

The CSV output is fully compatible with most other password safes

The CSVs can be imported by spreadsheet applications like Microsoft Excel

Plans and Pricing

There’s no fine print here: KeePass is totally free, regardless of the version you wish to use. You do have the option to make a donation to support this open-source effort on the website, but it is completely voluntary. As for plans, as I’ve noted in the overview, the difference between the lighter 1.x version and the 2.x (sometimes referred to as “pro”) is in the number of available features. The KeePass website does a good job in comparing the two versions head-to-head according to various categories/use-cases (see screenshot).

Ease of Use and Setup

Installing KeePass on my Windows 10 system was smooth and easy; downloading the desired version was quick and the site is informative and helpful. KeePass was designed to operate in a Windows environment and covers even ancient legacy versions (even as far back as Windows 7, via… plugins), but it is compatible with Mac iOS, Linux and other OSs out there.

The major issue with KeePass is the overall UX/UI, namely, the grey Windows 95-style screen that welcomes you once the program is opened. There are no pop-ups, tool-tips or any indication of what you should be doing to actually start putting this tool to good use. This is the downside of the open-source nature of KeePass, as much work was put into the technical security functionalities, but the design obviously suffered major compromises.

It’s hard to imagine a non-techy user being comfortable using this password manager. Other than the main menu ribbon, there’s nothing out there to prompt any action. The first thing you want to do is to create a new database by clicking the somewhat obscure icon (see screenshot). From there on you can choose which folders to work with.

The password generator interface is equally old-fashioned, yet clear, and offers the most configurable, detailed password creation out there (see screenshot). You can set and configure virtually every aspect of your master password as it is rated in real time by the generator. As you may have noticed with KeePass, the level of features and configuration stands up to the paid competitors in the password management universe, but an ordinary user probably wouldn’t find a use for most of them.

Security

As I mentioned earlier, KeePass employs the SHA-256 encryption standard, which is considered the highest in the industry and has shown no major weakness so far. Pairing that with the key-file option creates a very powerful 2-factor authentication that incorporates a physical aspect (a flash drive carrying your key-file) that is less vulnerable to cyber attacks. As an out-of-the-box feature, this is very nice (and free!).

As far as I know, the KeePass password management system did not show any critical weakness that is prone to breaches—so, in terms of security, it is a very powerful tool.

If you’d like to back up your password database, KeePass doesn’t offer a built-in option, but it is possible to do a manual backup.

Customer Support

KeePass is an open-source venture; as such, there’s no major corporate-level support of the kind users have come to expect in password management (and in any other services). The website offers a help page with an FAQ section, but this will not benefit a user who finds technical reading tedious and just needs a helping hand in real time. To their credit, KeePass’s help is very well organized and detailed.

Learning how to perform manual processes and getting around the somewhat bleak interface is done through a wiki that is referred to from the help page (see screenshot).

The program does support a vast number of languages, thanks to the open-source contribution from many individuals from all over the world. In that respect as well, no other password manager has such extensive language support, which would make a lot of users happy around the globe.

Bottom Line

As the only open-source password manager on the market, KeePass does present a unique set of pros and cons. As for its main objective, security, it certainly delivers a very high level of encryption that meets the highest standards of its competitors. It includes many features and integrations that cover most of the scenarios and use cases for encrypting databases and storing passwords and is actually the most customizable tool out there.

But, and it’s a big but, KeePass has placed all their firepower on the technical abilities of the program and very little on its user-friendliness. As I reviewed above, KeePass’s flexibility and customizability are dependent directly on the user’s willingness and ability to learn and employ functions that are out of the box, i.e. plugins, scripts and third-party integrations. A techy tinkerer would delight in the options to personalize just about anything in this tool to their liking. However, your average Joe looking for a friendly password manager would most likely run for cover after staring at the home screen for 5 minutes.

True to open-source ethics, KeePass is completely free and constantly evolving with more (and more) plugins and languages available to augment its functionality. If you are a user that is willing to take the time to learn what KeePass can do for you—and accept what you must do manually—you will benefit in the long run. For those who are looking for a smoother, friendlier tool that goes the extra mile to make the user’s life easier—probably best to choose a different vendor and not get blinded by the non-existent price tag.

About the Author

Sophie Anderson has spent the last 10 years working as a software engineer for some of the biggest tech companies in Silicon Valley. She now works as a cybersecurity consultant and tech journalist, helping everyday netizens understand how to stay safe and protected in an online world.

Great and easy-to-use password manager, but requires some time to set it up

Windows User

IMO KeePass is one of the best (if not the best) password managers in existence.

I agree that it's one of the safest (if not the safest) password managers. This password manager is free and open source, and is one of the most audited pieces of software in the world, so you can be sure that it isn't security by obscurity.

For ease of use, I find KeePass really easy to use and I don't agree at all with what she says about this. Still, it might take a bit of time to learn how to use this program.

Sure, it has no browser integration out of the box, but you can always install a KeeForm plugin to make it work with a web browser.

You can back up your database pretty much where you want and it's possible to synchronize your database with your devices. I have the same database synchronized with my two computers and my phone through Dropbox. There are many plugins and mobile apps that support synchronizing your database with cloud storage.

If you are ever confused about using KeePass, there is a community dedicated to helping users of KeePass on SourceForge, so customer support isn't all that bad as they say - in fact in comparison it's better than that of closed-source competitors.
